CVE-2019-18823 — Improper Authentication in Htcondor

CWE-287 — Improper Authentication CWE-200 — Sensitive Information Exposure9 documents6 sources

Severity

9.8CRITICALNVD

EPSS

2.8%

top 13.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Condor Project Condor Wisc Htcondor Debian Linux +1 more

Timeline

PublishedApr 27

Latest updateMay 24

Description

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDwisc/htcondor8.8.0 — 8.8.6+1

▶Debiancondor_project/condor< 23.2.0+dfsg-1+1

Also affects: Debian Linux 10.0, 9.0, Fedora 30, 31, 32

🔴Vulnerability Details

GHSA

GHSA-4w4f-pcxr-8ppr: HTCondor up to and including stable series 8↗2022-05-24

▶

CVEList

CVE-2019-18823: HTCondor up to and including stable series 8↗2020-04-27

▶

OSV

CVE-2019-18823: HTCondor up to and including stable series 8↗2020-04-27

▶

📋Vendor Advisories

Debian

CVE-2019-18823: condor - HTCondor up to and including stable series 8.8.6 and development series 8.9.4 ha...↗2019

▶

💬Community

Bugzilla

CVE-2019-18823 htcondor: Incorrect access control in condor_startd↗2020-04-27

▶

Bugzilla

CVE-2019-18823 condor: htcondor: Incorrect access control in condor_startd [epel-7]↗2020-04-27

▶

Bugzilla

CVE-2019-18823 condor: htcondor: Incorrect access control in condor_startd [fedora-all]↗2020-04-27

▶

Bugzilla

CVE-2019-18823 condor: htcondor: Incorrect access control in condor_startd [epel-6]↗2020-04-27

▶